
on 10-24-2017 03:18 AM
Validate that a user does not reuse a previous password.
I used a list field on the sys_user form to store previous passwords and an MD5 checksum to generate the hash code. However, you can use a salt to make it stronger so that it cannot be decrypted by anyone.
Step 1:
Create a list field on the 'sys_user' form called 'u_password_history'.
Step 2:
Add the code below in Installation Exits -> ValidatePasswordStronger, before 'return true';
    // Begin Check Password History
    var gr = new GlideRecord("sys_user");
    if (gr.get(gs.getUserID())) {
        // MD5 checksum of the new password combined with the user's sys_id
        var _gaChkSum = new GlideChecksum(user_password + gs.getUserID());
        var newHash = _gaChkSum.getMD5();
        var maxHistory = 12; // here you can decide how many previous passwords to keep

        // The field holds a comma-separated string; an empty value means there is no history yet
        var stored = gr.u_password_history.toString();
        var arr = stored ? stored.split(',') : [];

        // Check the new checksum against the previous passwords
        if (arr.join(',').indexOf(newHash) != -1) {
            gs.addErrorMessage(gs.getMessage("MATCHING WITH LAST 12 PASSWORD") + ": " + rules);
            return false; // the new password matches a previous password
        }

        // Remove the oldest entries so that the list never grows past maxHistory
        // (delete arr[0] would leave an empty slot and the length would not shrink)
        while (arr.length >= maxHistory) {
            arr.shift();
        }
        arr.push(newHash);

        gr.u_password_history = arr.join(',');
        gr.update();
    }
    // End Check Password History
Step 3:
Create an ACL on 'u_password_history' that hides the data from admins and other users; it should be visible only to an elevated role.
This depends on whether you want to use 'security_admin' or a separate role for this.
This is my first document, so please feel free to put more suggestions or ideas to make it stronger.
Thanks All,
SS
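The post suggests a salt to strengthen the stored history. As an added example (not the author's code and not ServiceNow Glide API; it is stand-alone Node.js, and the function names, the "iterations:salt:hash" entry format and the iteration count are assumptions), this keeps the same last-12 history but gives every entry its own random salt and a PBKDF2 hash, so the check re-derives the candidate against each stored entry instead of searching a string:

```javascript
// Added example: stand-alone Node.js, not ServiceNow Glide API code.
const crypto = require('crypto');

const HISTORY_LIMIT = 12;   // same history depth as in the post
const ITERATIONS = 100000;  // assumed PBKDF2 work factor; tune for your hardware
const KEY_LEN = 32;         // bytes of derived key (SHA-256 output size)

// Build one history entry: "iterations:saltHex:hashHex" (assumed format).
function makeEntry(password, iterations = ITERATIONS) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, 'sha256');
  return [iterations, salt.toString('hex'), hash.toString('hex')].join(':');
}

// Re-derive the candidate with the entry's own salt and work factor,
// then compare in constant time. Malformed entries never match.
function matchesEntry(password, entry) {
  const parts = entry.split(':');
  if (parts.length !== 3) return false;
  const iterations = parseInt(parts[0], 10);
  const salt = Buffer.from(parts[1], 'hex');
  const stored = Buffer.from(parts[2], 'hex');
  if (!(iterations > 0) || stored.length !== KEY_LEN) return false;
  const candidate = crypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, 'sha256');
  return crypto.timingSafeEqual(candidate, stored);
}

// history: comma-separated entries, like the u_password_history value.
// Returns { accepted, history }; history is unchanged when the password is rejected.
function checkAndRecord(history, password, iterations = ITERATIONS) {
  const entries = history ? history.split(',') : [];
  if (entries.some((e) => matchesEntry(password, e))) {
    return { accepted: false, history: history };
  }
  entries.push(makeEntry(password, iterations));
  // Keep only the newest HISTORY_LIMIT entries.
  return { accepted: true, history: entries.slice(-HISTORY_LIMIT).join(',') };
}
```

Storing the iteration count inside each entry lets the work factor be raised later without invalidating older history entries.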